About identity and access management for your enterprise
GitHub AE uses SAML SSO for user authentication. You can centrally manage access to GitHub AE from an IdP that supports the SAML 2.0 standard. You'll configure identity and access management for GitHub AE by entering the details for your SAML IdP during initialization. For more information, see "Initializing GitHub AE."
After you configure the application for GitHub AE on your IdP, you can grant access to your enterprise by assigning the application to users and groups on your IdP. For more information about SAML SSO for GitHub AE, see "Configuring SAML single sign-on for your enterprise."
By default, your IdP does not communicate with GitHub AE automatically when you assign or unassign the application. GitHub AE creates a user account using SAML Just-in-Time (JIT) provisioning the first time someone navigates to GitHub AE and signs in by authenticating through your IdP. You may need to manually notify users when you grant access to GitHub AE, and you must manually deactivate the user account on GitHub AE during offboarding. You can use SCIM to provision and deprovision user accounts and access for GitHub AE automatically when you assign or unassign the application on your IdP. For more information, see "Configuring user provisioning for your enterprise."
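Without SCIM, the gap described above has to be closed by hand: accounts created through JIT provisioning stay active after the application is unassigned, and newly assigned users have no account until their first sign-in. The following added example (not GitHub's code) reconciles the two lists. The data is constructed, the field names are hypothetical rather than any GitHub AE or IdP export format, and it assumes email-style NameIDs that can be compared case-insensitively.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    name_id: str     # SAML NameID the account was created from (hypothetical field)
    suspended: bool  # True once an administrator has deactivated the account


def normalize(name_id: str) -> str:
    # Assumption: NameIDs are email-style, so case and padding are not significant.
    return name_id.strip().lower()


def reconcile(idp_assigned, accounts):
    """Compare users assigned to the application on the IdP with existing accounts."""
    assigned = {normalize(n) for n in idp_assigned}
    existing = {normalize(a.name_id): a for a in accounts}
    return {
        # Unassigned on the IdP but still active: offboarding was not completed.
        "deactivate": sorted(
            n for n, a in existing.items() if n not in assigned and not a.suspended
        ),
        # Assigned but never signed in: no JIT account yet, user may need notifying.
        "notify": sorted(assigned - set(existing)),
        # Assigned again after an earlier deactivation: needs an administrator's decision.
        "review_suspended": sorted(
            n for n, a in existing.items() if n in assigned and a.suspended
        ),
    }


# Constructed sample data.
IDP_ASSIGNED = ["alice@example.com", "Bob@example.com", "dana@example.com", "frank@example.com"]
ACCOUNTS = [
    Account("alice@example.com", suspended=False),
    Account("bob@example.com", suspended=False),
    Account("carol@example.com", suspended=False),  # left the company, never deactivated
    Account("erin@example.com", suspended=True),    # correctly offboarded
    Account("frank@example.com", suspended=True),   # re-assigned on the IdP
]

if __name__ == "__main__":
    for action, users in reconcile(IDP_ASSIGNED, ACCOUNTS).items():
        print(f"{action}: {', '.join(users) or '-'}")
```

Running a check like this on a schedule bounds how long an unassigned user keeps a working account until SCIM provisioning is configured.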
To learn how to configure both authentication and user provisioning for your enterprise with your specific IdP, see "Configuring authentication and provisioning with your identity provider."
Further reading
- SAML Wiki on the OASIS website
- System for Cross-domain Identity Management: Protocol (RFC 7644) on the IETF website
- Restricting network traffic to your enterprise